[Zope] Multiple CookieCrumblers

David Hassalevris bluepaul at earthlink.net
Wed Jan 11 22:56:46 EST 2006


Brian Sullivan wrote:

>On 1/11/06, Jens Vagelpohl <jens at dataflake.org> wrote:
>  
>
>>On 11 Jan 2006, at 21:46, Brian Sullivan wrote:
>>
>>    
>>
>>>I am using CookieCrumbler as an authentication method on a Zope site.
>>>
>>>I am looking at the feasibility of putting multi CookieCrumbler
>>>objects (all with the same settings -- except for the cache setting)
>>>on a site in order to allow some parts of the site to be cached in an
>>>upstream proxy and forbidding others.
>>>
>>>Is this a reasonable thing to do? Will it achieve the result I am
>>>looking for?
>>>      
>>>
>>I will not do what you expect to do. The first cookie crumbler to do
>>authentication sets the cookie and even if other cookie crumblers get
>>involved they will not just overwrite that cookie because the
>>lifetime setting on their cookie is different.
>>
>>    
>>
>
>
>In some testing I found that the headers (at least the upstream cache
>setting which is what I was interested in) does seem to be different
>depending on the first CookieCrumbler to handle the content (I set one
>in a subdirectory to cache setting 'public' and the main system level
>one to 'private')-  which would seem to imply that higher placed ones
>recognize the cache header setting and avoid changing it? This seemed
>to do what I want.
>
>If this isn't a strategy for doing what I want to do can anybody thing of one?
>I have a site that is authenticated using CookieCrumbler. I have a
>whole bunch of static files/objects, some fairly large isolated in a
>subfolder on the site. I want the static objects to be cached by
>upstream proxies, but all other parts of the site not cacheable.
>___
>
Brian,

Can you explain how you are using this?  Does cookie crumbler's 
cache-control apply to *all*  authenticated responses?   If so, I didnt 
realize it was so sweeping (I admit i had assumed it applied to the 
authentication cookie).

Have you, for example, considerered branching to different folders (one 
with all object caches set to no-cache) based on a user role? 

Can you give more detail?

David


Good luck!
David

Its an interesting idea, to cascade cookie crumblers - you might be able 
to fake the login_screen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060111/7ecf4621/attachment.htm


More information about the Zope mailing list